MGM Resorts heavily affected by cyberattack: Here’s what you need to know

Various MGM Resorts International properties across the U.S. on Monday faced a "cybersecurity issue" that caused the gaming giant to temporarily shutter computer systems across the country.

The issue first began Sunday, the Associated Press reported. The cyberattack is believed to affect properties in Nevada, Maryland, Massachusetts, Michigan, Mississippi, New Jersey, New York and Ohio. MGM Resorts is the largest casino operator in Las Vegas, where it has some of the best-known resorts on the Las Vegas Strip, including the MGM Grand, Bellagio, Cosmopolitan, Aria, Mandalay Bay, Luxor, New York-New York, Excalibur and Park MGM.

The company's reservations system appears to be down, and the website directs customers to make reservations or contact a concierge. The website previously offered a list of phone numbers to call by property, but it was directing customers as of Wednesday afternoon to book show tickets via Ticketmaster and noted guests with check-in dates through Sept. 17 had the option to change or cancel their reservation free of charge.

Social media reports indicate slot machines are out of service, and company emails, reservations and room keys are also affected by the attack.

The online sports betting platform BetMGM's Nevada website appeared to be down as of Monday afternoon, while the platform's websites in other states, such as Massachusetts, appeared to be functioning as normal.

An MGM Resorts spokesperson did not respond to TPG's request for comment, but a company statement on X — the social media platform formerly known as Twitter — noted, "MGM Resorts recently identified a cybersecurity issue affecting some of the Company's systems" and that it had notified law enforcement agencies.

The company posted late Monday night that "dining, entertainment and gaming are currently operational" and that guests were able to access their hotel rooms. As of Tuesday morning, MGM's reservations website was still down and directing customers to various phone numbers.

Cyberattacks on the rise in the travel sector

MGM's cybersecurity woes are the latest in a rise in cyberattacks on various hotel companies in recent years. Caesars Entertainment reportedly paid tens of millions of dollars to hackers who breached the MGM Resorts rival's IT systems in recent weeks, Bloomberg reported Wednesday. The ransom payment was to thwart the hackers, who first targeted Caesars in late August, from leaking customer data.

IHG Hotels & Resorts faced a cyberattack last September that crippled its own computer systems and left residual problems in its loyalty system in the weeks that followed.

Daily Newsletter

Reward your inbox with the TPG Daily newsletter

Join over 700,000 readers for breaking news, in-depth guides and exclusive deals from TPG’s experts

Email address

Sign up

By signing up, you will receive newsletters and promotional content and agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.

A network of cyberattacks in 2021 involved at least 11 global airlines, including United Airlines and American Airlines in the U.S., after cybercriminals targeted travel technology provider SITA.

Hilton faced cyberattacks in 2014 and 2015 that put more than 363,000 customer accounts at risk amid credit card data breaches, the BBC reported in 2017.

Perhaps the best-known cyberattack in the hotel sector involved Marriott in 2018, when the data of 500 million guests from Starwood Hotels & Resorts (which Marriott acquired in 2016) was breached in one of the largest data security failures of all time. Marriott faced significantly smaller data breaches in 2020 and 2022.

How to protect yourself

It is still unclear if MGM's cybersecurity issue involves a data breach, but if that does end up being the case and you think you might be affected, it is important to monitor banking and credit card information to prevent any form of identity theft, McAfee reports.

Change your online passwords, and look into receiving credit monitoring.

The computer security software provider also notes you should place a fraud alert with one of the major credit agencies (Equifax, Experian or TransUnion), and it will notify the other two.